Webshell

Sep 12, 2021  ·  15 min read

HackTheBox - Gobox

SSTI in Golang, abuse S3 bucket, and NGINX backdoor

Linux S3 AWS LocalStack
Aug 07, 2021  ·  10 min read

HackTheBox - TheNotebook

Abusing JWT key identifier and breaking out of a Docker container

Linux JWT Webshell CVE-2019-5736
Jun 26, 2021  ·  10 min read

HackTheBox - Spectra

Getting password from automatic login script of ChromeOS

Linux Chrome-OS WordPress Directory-Listing
May 07, 2021  ·  9 min read

HackTheBox - Passage

USBCreator LPE on Linux

Linux CVE-2019-11447 Webshell SSH-Key-Reuse
May 03, 2021  ·  12 min read

HackTheBox - Worker

Learn how Azure Pipelines can be abused

Windows Svn Webshell Azure-DevOps
May 01, 2021  ·  8 min read

HackTheBox - Buff

Tunneling with Chisel to deliver a buffer overflow exploit

Windows Webshell CloudMe Buffer-Overflow
Apr 28, 2021  ·  10 min read

HackTheBox - SneakyMailer

Example of a phishing attack and PyPI package exploitation

Linux SMTP IMAP Sylpheed
Apr 24, 2021  ·  14 min read

HackTheBox - Bucket

Pentesting against simulated AWS S3 Bucket

Linux AWS LocalStack S3
Apr 09, 2021  ·  6 min read

HackTheBox - Magic

SQLi for login bypass and embed webshell to an image file

Linux SQL-Injection Exiftool Upload-Bypass
Apr 02, 2021  ·  6 min read

HackTheBox - OpenAdmin

Exploiting OpenNetAdmin vulnerability and sudo nano

Linux Code-Review Webshell Password-Cracking